Decryption key is central to controlled rights and self-deleting data

Two new trends in data protection are using encryption to accomplish their goals: controlled rights and self-deleting data.

Application suites such as EMC’s Documentum 5 allow documents to be created with controlled rights built-in. The company’s recent updates improve access control and retention-policy management, allowing users to set policies outside the Documentum repository. This is mainly accomplished by setting policies during the content-creation phase and encrypting the content before it’s exported. To read a record or document, the application -- Acrobat Reader or Office, for example -- must access a central policy server for a decryption key. To delete or deny access to a document, an authorized agent can change access policies or destroy the key.

Controlled rights allow an authorized agent to revoke the access and privileges once afforded to a particular user, on the fly. The document is authenticated and encrypted at inception and distributed in encrypted form. When someone attempts to open the document, the related application connects to the originator to verify that the requesting user still has access. If so, the decryption key is supplied (or decrypted) and the document is opened. At a later date, the document’s authorization can be revoked. Unless the user printed or copied the data while authorized, the document’s contents will remain secure.

A similar trend involves self-deleting data, which is now an option for laptops, cell phones, PDAs, and other devices employees might want to protect. After it’s encrypted, the data is further protected by monitoring software and a compatible device. Whenever the device is turned on, it uses the Internet (or cell phone network) to connect back to the data owner’s authorization server. The connection “back home” requires no request on the part of the user and is often intentionally hidden from casual interaction.

If the device is stolen, the owner can instruct the device to delete or encrypt the data when it next connects. Some solutions instruct the device to delete or encrypt the data after a predefined number of days if the device is unable to connect to the authorization server.